File management apparatus and method for verifying integrity

ABSTRACT

A file management apparatus and a method for verifying integrity are provided. The method includes storing a plurality of pieces of data comprising a file as units of chunks and storing the chunks in a memory, determining whether the file has integrity by comparing determined certification values of the chunks of the file with pre-stored certification values of the chunks based on an execution command, and executing the file based on the integrity determination result. The file management apparatus improves a performance of a whole system by partially performing integrity verifications of a plurality of pieces of data comprising a file to be executed.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is based on and claims priority under 35 U.S.C. §119 toKorean Patent Application Nos. 10-2016-0015057 and 10-2016-0022701,filed on Feb. 5 and Feb. 25, 2016, in the Korean Intellectual PropertyOffice, respectively, the disclosures of which are incorporated byreference herein in their entireties.

BACKGROUND

Field

The present disclosure relates generally to a file management apparatusand a method for verifying integrity, and for example, to a filemanagement apparatus and a method for partially verifying integrity of afile according to a characteristic of the file.

Description of Related Art

A general file integrity verifying method determines whether acorresponding file has integrity on a block storage layer that performsa connection operation between a file management apparatus (a filesystem) managing the file and a memory storing the file between the filemanagement apparatus and the memory.

Whether the file has integrity is determined through the block storagelayer, the determination of whether the file has integrity is irrelevantto the characteristic of the file managed by the file managementapparatus, and thus whether all files have integrities are determined.

As described above, an existing integrity verifying method causes adeterioration in a performance of a whole system by determining whetherall files have integrities.

Therefore, a high-performance memory may be used to improve a systemperformance deterioration problem. However, using the high-performancememory generates additional cost, and thus manufacturing unit costincreases.

SUMMARY

Example embodiments of the present disclosure address the abovedisadvantages and other disadvantages not described above.

The present disclosure improves a performance of a whole system bydetermining whether a file to be executed has integrity based on acharacteristic of the file and partially determining whether a pluralityof pieces of data comprising the file have integrities only ifnecessary.

According to an example aspect of the present disclosure, a method ofverifying integrity using a file management apparatus, includesreceiving a file comprising a plurality of pieces of data, arranging theplurality of pieces of data of the file as units of chunks and storingthe chunks in a memory, determining whether the file has integrity bycomparing a certification value of at least one of the chunks of thefile with a pre-stored certification value corresponding to the at leastone of the chunks based on an execution command, and executing the filebased on the integrity determination result.

The memory may store a super block area configured to store allinformation about a volume, a volume meta area configured to store atleast one selected from information for managing the file and executioninformation of the file, and a volume block configured to include a fileobject area storing the file composed as the units of chunks andinformation about the file.

The file object area may include a file meta area configured to storecertification values respectively corresponding to the chunks of theplurality of pieces of data comprising the file. The determining theintegrity may include detecting positions of the chunks of the file andthe file meta area from the file object area based on information storedin the volume meta area, determining certification values of the chunksof the file based on the detected positions of the chunks, anddetermining whether the file has integrity by acquiring certificationvalues of the chunks of the file with reference to the detected filemeta area and comparing the acquired certification values of the chunkswith the determined certification values of the chunks.

The file meta area may further store an encryption value that isdetermined based on certification values of pieces of informationincluded in the file meta area and a predefined encryption algorithm.The determining the integrity further may include determiningcertification values of the pieces of information included in the filemeta area based on information stored in the volume meta area anddetermining an encryption value using the determined certificationvalues and the encryption algorithm, and determining whether the fileobject area has integrity by comparing the determined encryption valuewith an encryption value stored in the file meta area.

The volume may further include a global file meta area configured tostore information about a particular file. The global file meta area maystore an encryption value that is determined based on certificationvalues of pieces of information comprising the particular file and apredefined encryption algorithm.

The particular file may be a file that is initially executed whenbooting a system.

The determining the integrity may include, when booting the system,determining certification values of pieces of information included inthe global file meta area based on information stored in the volume metaarea and determining an encryption value using the determinedcertification values and the encryption algorithm, comparing thedetermined encryption value with an encryption value stored in theglobal file meta area, in response to the determined encryption valueand the stored encryption value corresponding to each other, determiningcertification values of chunks of a file included in the global filemeta area, and determining whether the file included in the global filemeta area has integrity by comparing the determined certification valuesof the chunks with certification values of the chunks stored in theglobal file meta area.

The determining the integrity may include: in response to the file beingdetermined as an executable file based on execution information includedin the volume meta area, determining whether the file has integrity.

The volume meta area may store a certification value for verifyingintegrity of the super block area. The determining the integrity mayfurther include determining whether the super block area has integrityby determining certification values of pieces of information included inthe super block area and comparing the determined certification valueswith certification values stored in the volume meta area.

According to another example aspect of the present disclosure, a filemanagement apparatus includes a memory configured to arrange a pluralityof pieces of data of a file as units of chunks and to store the chunks,and a processor configured to determine whether the file has integrityby comparing determined certification value of at least one of thechunks of the file with a pre-stored certification value correspondingto the at least one the chunks and to execute the file based on theintegrity determination result based on an execution command.

The memory may store a super block area configured to store allinformation about a volume, a volume meta area configured to store atleast one selected from information for managing the file and executioninformation of the file, and a volume block configured to include a fileobject area storing the file composed as the units of chunks andinformation about the file.

The file object area may include a file meta area configured to storecertification values respectively corresponding to chunks of a pluralityof pieces of data composing the file. The processor may include a filecontroller configured to detect positions of the chunks of the file andthe file meta area from the file object area based on information storedin the volume meta area, and a certification processor configured todetermine certification values of the chunks of the file based on thedetected positions of the chunks. The certification processor maydetermine whether the file has integrity by acquiring certificationvalues of the chunks of the file with reference to the detected filemeta area and comparing the acquired certification values of the chunkswith the determined certification values of the chunks.

The file meta area may further store an encryption value that isdetermined based on certification values of pieces of informationincluded in the file meta area and a predefined encryption algorithm.The processor may further include an encryption processor configured todetermine certification values of the pieces of information included inthe file meta area based on information stored in the volume meta areaand calculate an encryption value using the determined certificationvalues and the encryption algorithm. The encryption processor maydetermine whether the file object area has integrity by determiningwhether the determined encryption value corresponds to an encryptionvalue stored in the file meta area.

The volume may further include a global file meta area configured tostore information about a particular file. The global file meta area maystore an encryption value that is determined based certification valuesof pieces of information composing the particular file and a predefinedencryption algorithm.

The particular file may be a file that is initially executed whenbooting a system.

When booting the system, the encryption processor may determine whetherthe global file meta area has integrity by determining certificationvalues of pieces of information included in the global file meta areabased on information stored in the volume meta area, determining anencryption value using the determined certification values and theencryption algorithm, and comparing the determined encryption value withan encryption value stored in the global file meta area. In response tothe determined encryption value and the stored encryption valuecorresponding to each other, the certification processor may determinewhether a file included in the global file meta area has integrity bydetermining certification values of chunks of the file included in theglobal file meta area and comparing the determined certification valuesof the chunks with certification values of the chunks stored in theglobal file meta area

In response to the file being determined as an executable file based onexecution information included in the volume meta area, the filecontroller may determine whether the file has integrity.

The volume meta area may store a certification value for verifyingintegrity of the super block area. The certification processor maydetermine whether the super block area has integrity by determiningcertification values of pieces of information included in the superblock area and comparing the determined certification values withcertification values stored in the volume meta area.

The method further includes selecting at least one chunk to be used fromamong a plurality of chunks stored in the memory, calculating acertification value for the selected at least one chunk and comparingthe calculated certification value with a predetermined certificationvalue for the selected at least one chunk.

The processor selects at least one chunk to be used from among aplurality of chunks stored in the memory, calculates a certificationvalue for the selected at least one chunk, and compare the calculatedcertification value with a predetermined certification value for theselected at least one chuck.

According to various example embodiments of the present disclosure asdescribed above, a file management apparatus may improve a performanceof a whole system by partially determining whether a plurality of piecesof data comprising a file to be executed have integrities based on acharacteristic of the corresponding file and a need for thedetermination.

Additional and/or other aspects and advantages of the disclosure will beset forth in part in the description which follows and, in part, will beapparent from the description.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and/or other aspects, features and attendant advantages of thepresent disclosure will be more apparent and readily understood from thefollowing detailed description, taken in conjunction with theaccompanying drawings, in which like reference numerals refer to likeelements, and wherein:

FIG. 1 is a block diagram illustrating an example file managementapparatus according to an example embodiment of the present disclosure;

FIG. 2 is a block diagram illustrating ane processor according to anexample embodiment of the present disclosure;

FIG. 3 is a diagram illustrating an example structure of a volume areastoring file-related information according to an example embodiment ofthe present disclosure;

FIG. 4 is a diagram illustrating an example structure of a file metaarea of a file object area according to an example embodiment of thepresent disclosure;

FIG. 5 is a diagram illustrating an example structure of a global filemeta area according to an example embodiment of the present disclosure;

FIG. 6 is a flowchart illustrating an example integrity verifying methodof a file management apparatus according to an example embodiment of thepresent disclosure;

FIG. 7 is a flowchart illustrating an example method of determiningwhether a file stored in a volume area has integrity in a filemanagement apparatus, according to an example embodiment of the presentdisclosure;

FIG. 8 is a flowchart illustrating an example method of determiningwhether a super block area of a volume has integrity in a filemanagement apparatus, according to an example embodiment of the presentdisclosure; and

FIG. 9 is a flowchart illustrating an example method of verifyingintegrity of a file when booting a system in a file managementapparatus, according to an example embodiment of the present disclosure.

DETAILED DESCRIPTION

Various example embodiments of the present disclosure will now bedescribed in greater detail with reference to the accompanying drawings.

In the following description, same drawing reference numerals are usedfor the same elements even in different drawings. The matters defined inthe description, such as detailed construction and elements, areprovided to assist in a comprehensive understanding of the disclosure.Thus, it is apparent that the example embodiments of the presentdisclosure can be carried out without those specifically definedmatters. Also, well-known functions or constructions are not describedin detail since they would obscure the disclosure with unnecessarydetail.

Prior to a detailed description of the present disclosure, describingmethods of the present disclosure and drawings will be described. Theterms used herein are selected as general terms that are currentlywidely used in consideration of their functions in the presentdisclosure. However, these terms may depend on intentions or legal ortechnical interpretations of those skilled in the art, emergences of newtechnologies, and the like. Also, there may be some terms that arearbitrarily selected. These terms may be construed to have meaningsdefined in the present disclosure and may be understood based on wholecontents of the present disclosure and common technical knowledge of theart as long as there are no detailed definitions of the terms.

Also, the same reference numerals or symbols described in the attacheddrawings denote parts or elements that actually perform the samefunctions. For convenience of descriptions and understanding, the samereference numerals or symbols are used and described in differentexample embodiments. In other words, although elements having the samereference numerals are all illustrated in a plurality of drawings, theplurality of drawings do not mean one example embodiment.

Also, the terms “first”, “second”, etc. may be used to describe diversecomponents, but the components are not limited by the terms. The termsare only used to distinguish one component from the others. For example,used orders, arrangement orders, or the like of elements that arecombined with these ordinal numbers may not be limited by the numbers.If necessary, the ordinal numbers may be respectively replaced and used.

The singular expression also includes the plural meaning as long as itdoes conflict with the context. In the present disclosure, the terms“include” and “comprise” designate the presence of features, numbers,steps, operations, components, elements, or a combination thereof thatare written in the disclosure, but do not exclude the presence orpossibility of addition of one or more other features, numbers, steps,operations, components, elements, or a combination thereof.

In the example embodiment of the present disclosure, the term “module”,“unit”, or “part” may, for example, be referred to as an element thatperforms at least one function or operation, and may be implemented withhardware, software, or a combination of hardware and software. Inaddition, a plurality of “modules”, a plurality of “units”, a pluralityof “parts” may be integrated into at least one module or chip except fora “module”, a “unit”, or a “part” which has to be implemented withspecific hardware, and may be implemented with at least one processor(not shown).

Also, when any part is connected to another part, this includes a directconnection and an indirect connection through another medium. Unlessotherwise defined, when any part includes any element, it may refer to asituation in which any part further include other elements withoutexcluding other elements.

Hereinafter, various example embodiments of the present disclosure willbe described in greater detail with reference to the attached drawings.

FIG. 1 is a block diagram illustrating an example file managementapparatus 100 according to an example embodiment of the presentdisclosure

As illustrated in FIG. 1, the file management apparatus 100 may includea processor (e.g., including processing circuitry) 110, a block layer120, and a memory 130.

The processor 110 may include various circuitry that controls operationsof elements composing the file management apparatus 100. In particular,the processor 110 performs an integrity verification of an executablefile corresponding to a user command among a plurality of files storedin the memory 130 or an integrity verification of an executable filethat is executed when booting a system.

The block layer 120 operates as a medium for transmitting and receivingfile-related information between the processor 110 and the memory 130.Therefore, the processor 110 and the memory 130 may transmit and receiveinformation about a file through the block layer 120.

The memory 130 stores a plurality of files. In other words, the memory130 may include a plurality of pieces of data comprising each of aplurality of files as units of chunks and then store the chunks in avolume area. In other words, a plurality of pieces of data comprising afile may be dispersedly stored as units of chunks in a volume area.

As described above, the memory 130 that stores a plurality of files maybe realized as a recording medium that may store file-relatedinformation in the memory 130 when the memory 130 is cut off from powersupply, e.g., as a recording medium such as a read only memory (ROM), ahard disc, or a flash disc.

For example, the processor 110 performs an integrity verification of avolume area storing a file for executing an application requested by auser based on an execution command of the corresponding application.

To be specific, the processor 110, according to a command to execute anapplication requested by a user, checks positions of at least one chunkfrom a volume area storing the file for executing the application andcalculates certification values of the at least one checked chunk.

Thereafter, the processor 110 compares the certification values of theat least one chunk with respect to the file and the prestoredcertification values and determines whether the certification valuescorrespond to the pre-stored certification values. That is, theprocessor 110 selects at least one chunk to use out of the plurality ofchunks prestored in the memory 130 and calculates certification valueswith respect to the selected chunks. The processor 110 compares thecertification values calculated from the selected chunk and thecertification values prestored in response to the chunk and determineswhether the calculated certification values correspond to the prestoredcertification values. As a result of the determination, if the twocertification values match with each other, the processor 110 determinesthat the corresponding file has integrity.

If at least one of the determined certification values of the chunks isdifferent from a pre-stored certification value, the processor 110determines that an error occurs in a chunk having two differentcertification values. In other words, if at least one of the determinedcertification values of the chunks is different from a pre-storedcertification value, the processor 110 determines that a chunk havingtwo different certification values does not have integrity.

Here, the processor 110 may determine whether each chunk correspondingto a point of time when each chuck is used among all chunks comprising afile has integrity through an integrity-related processing operationdescribed above.

For example, a file may be configured as first through third chunks.Also, if a chunk corresponding to a point of time when a chunk is to becurrently used is a first chunk, the processor 110 may determine whetherthe first chunk corresponding to the point of time when the chunks is tobe currently used has integrity.

However, the present disclosure is not limited thereto, and if there area plurality of chunks corresponding to a point of time when a chunk isto be currently used, the processor 110 may determine whether at leasttwo or more chucks corresponding to the point of time when the chunk isto be currently used among the first through third chunks haveintegrities.

As described above, the file management apparatus 100 according to thepresent disclosure may improve a performance of a whole system bydispersedly storing a plurality of pieces of data comprising a file asunits of chunks in the memory 130 and performing integrity verificationsof the dispersedly stored chunks, in comparison with an existing filemanagement apparatus determining whether all files have integrities.

Hereinafter, an operation of the processor 110 of the file managementapparatus 100 performing an integrity verification of a file stored in avolume area of the memory 130 will be described in greater detail.

FIG. 2 is a block diagram illustrating an example of the processor 110,according to an example embodiment of the present disclosure.

As illustrated in FIG. 2, the processor 110 includes a file controller111, a certification processor 112, and an encryption processor 113.

The file controller 111 detects a plurality of chunks of a requestedfile and an area storing certification values of the chunks from avolume area storing the requested file based on a file request for anapplication corresponding to an execution command of a user. Forexample, a file of the application corresponding to the executioncommand of the user may include a plurality of pieces of data, and theplurality of pieces of data may be dispersedly stored as units of chunksin the volume area. Therefore, the file controller 111 detects an areastoring a plurality of chunks of a requested file and determinedcertification values of the chunks from the volume area storing therequested file.

If the area storing the plurality of chunks of the requested file andthe determined certification values of the chunks is detected, thecertification processor 112 may verify integrity of the requested fileby determining certification values of the chunks with reference to thedetected area and comparing the determined certification values of thechunks and pre-stored certification values of the chunks.

Before performing an integrity verification of the requested filethrough the comparison between the determined certification values ofthe chunks of the file and the pre-stored certification values of thechunks, the encryption processor 113 performs an integrity verificationof the area storing the plurality of chunks of the requested file.

If integrity of the area storing the plurality of chunks of therequested file and integrity of a chunk stored in the corresponding areaare verified, the file controller 111 may execute the requested file.

FIG. 3 is a diagram illustrating an example structure of a volume areastoring file-related information, according to an example embodiment ofthe present disclosure.

As illustrated in FIG. 3, a volume area 300 that dispersedly stores aplurality of pieces of data comprising a file as units of chunks mayinclude a super block area 310, a volume meta area 320, a file objectarea 330, and a global file meta area 340.

The super block area 310 may refer, for example, to an area that storesall information about the volume area 300. According to exampleembodiments, the super block area 310 may be an area that stores volumesize information, position information of each area, information about afile system, such as a New Technology File System (NTFS), a FileAllocation Table (FAT), or an Extended File System 4 (EXT4), and thelike

The volume meta area 320 may refer, for example, to an area that storesat least one selected from information for managing a file, executioninformation about the file, and a certification value for verifyingintegrity of a super block area.

The file object area 330 may refer, for example, to an area that storesa file as units of chunks and information about the file. Here, theinformation about the file may include compression information intowhich a plurality of pieces of data are compressed as units of chunks,size information, certification information, position information ofeach of the chunks, and the like.

The file object area 330 as described above includes a chunk area 331that dispersedly stores a plurality of chunks of a plurality of piecesof data comprising a file and a file meta area 333 that storesinformation about the plurality of chunks.

The chunk area 331 includes a first chunk chunk0 331-1 and a secondchunk chunk1 331-3 into which the plurality of pieces of data composingthe file are compressed.

Also, the file meta area 333 stores position information, compressioninformation, and certification information of each of chunks (the firstand second chunks 331-1 and 331-3) stored in the chunk area 331, and thelike. Here, the certification information may include calculated hashvalues of the chunks (the first and second chunks 331-1 and 331-3)stored in the chunk area 331, and the hash values of the chunks may bestored in a table form. In addition, the certification information mayinclude an encryption value that is calculated by using the hash valuesof the chunks (the first and second chunks 331-1 and 331-3) stored inthe chunk area 331 and a predefined encryption algorithm.

Also, the global file meta area 340 may refer, for example, to an areathat stores information about a particular file. Here, according toexample embodiments, the particular file may be a file that is initiallyexecuted when booting a system.

FIG. 4 is a diagram illustrating an example structure of a file metaarea of a file object area, according to an example embodiment of thepresent disclosure.

As illustrated in FIG. 4, the file meta area 333 includes a fileinformation area 333-1, a certification information area 333-2, and anencryption area 333-3.

As described above with reference to FIG. 3, the file information area333-1 stores position information and compression information of each ofthe chunks (the first and second chunks 331-1 and 331-3) stored in thechunk area 331, and the like.

The certification information area 333-2 may refer, for example, to anarea for verifying integrity of each of the first and second chunks331-1 and 331-3 stored in the chunk area 331. For this, thecertification information area 333-2 stores determined certificationvalues of the chunks (the first and second chunks 331-1 and 331-3)stored in the chunk area 331 in a table form. Here, the certificationvalues may be hash values that are determined using a hash functiongenerating a pseudorandom number having a fixed information length.

Therefore, the certification information area 333-2 may determine hashvalues of the chunks (the first and second chunks 331-1 and 331-3)stored in the chunk area 331 by using a hash function and store thedetermined hash values of the chunks in a table form.

The encryption area 333-3 may refer, for example, to an area forverifying integrity of the file object area 330. For this, theencryption area 333-3 stores an encryption value using hash valuesdetermined from all information stored in the file meta area 333 and apredefined encryption algorithm. For example, and without limitation,the encryption algorithm may be a Rivest Shamir Adleman (RSA) algorithmthat makes a public key and a private key into a set, and encrypts anddecrypts the set.

However, the present disclosure is not limited thereto, and anencryption value of the file meta area 333 may be determined by usingvarious types of well-known encryption algorithms and then stored in theencryption area 333-3.

FIG. 5 is a diagram illustrating an example structure of a global filemeta area according to an example embodiment of the present disclosure.

As illustrated in FIG. 5, the global file meta area 340 may refer, forexample, to an area that stores information about a particular file.Here, the particular file may be a file that needs to be initiallyaccessed when booting a system. In other words, the particular file maybe a file that needs to be initially accessed when booting the system,among files stored in the volume area 300 of the memory 130.

A plurality of files that need to be initially accessed may be stored inthe global file meta area 340. In this case, the global file meta area340 may include, for example, a global file information area 341, aglobal certification information area 342, and a global encryption area343.

The global file information area 341 stores a plurality of chunks intowhich a plurality of pieces of data comprising at least one file definedas a particular file are compressed, position information andcompression information of the chunks, and the like.

The global certification information area 342 may refer, for example, toan area for verifying integrity of each of the plurality of chunks ofthe at least one file defined as the particular file. For this, theglobal certification information area 342 stores determinedcertification values of the plurality of chunks of the at least one filestored in the global file information area 341. Here, the certificationvalues may be hash values that are determined using a hash functiongenerating a pseudorandom number having a fixed information length.

Therefore, the global certification information area 342 may determinehash values of a plurality of chunks of at least one file stored in theglobal file information area 341 and store the determined hash values ofthe chunks in a table form.

The global encryption area 343 may refer, for example, to an area forverifying integrity of the global file meta area 340. For this, theglobal encryption area 343 stores an encryption value using hash valuesdetermined from all information stored in the global file meta area 340and a predefined encryption algorithm. Here, the encryption algorithmmay be an RSA algorithm that makes a public key and a private key into aset, and encrypts and decrypts the set.

However, the present disclosure is not limited thereto, and anencryption value of the file object area 330 may be determined usingvarious types of well-known encryption algorithms and then stored in theglobal encryption area 343.

As described above, when booting a system, the file management apparatus100 according to the present disclosure may further rapidly perform anintegrity verification of at least one file that needs to be initiallyaccessed among files stored in the volume area 300 of the memory 130 bysorting out the at least one file from other files and storing the atleast one file in the global file meta area 340.

Hereinafter, an operation of the processor 110 of the file managementapparatus 100 of the present disclosure verifying whether a file storedin the volume area 300 has integrity will be described in greaterdetail.

As described above, the processor 110 includes the file controller 111,the certification processor 112, and the encryption processor 113.

For example, the file controller 111 detects a position of a chunk of afile requested to be executed and the file meta area 333 from the fileobject area 330 based on information stored in the volume meta area 320.In other words, the file controller 111 detects position information ofeach of a plurality of chunks of a file requested to be executed andposition information of the file meta area 333 from the chunk area 331based on information stored in the volume meta area 320.

According to another example aspect of the present disclosure, the filecontroller 111 may determine whether to perform an integrityverification of a file requested to be executed, based on executioninformation of the corresponding file among a plurality of pieces ofinformation stored in the volume meta area 320 and then perform theabove-described operation based on the determination result.

For example, the file controller 111 determines whether a file requestedto be executed is an image file such as jpg or an executable file forexecuting a program such as exe, based on execution information of thecorresponding file among a plurality of pieces of information stored inthe volume meta area 320. Alternatively, even if a corresponding fileobject area is mapped on an attribute such as VM_EXEC or the like, thefile controller 111 may determine whether a file is an image file or anexecutable file based on information stored in the volume meta area 320.

If the file requested to be executed is the executable file according tothe determination result, the file controller 111 may determine that anintegrity verification of the corresponding file is to be performed,detect position information of each of the plurality of chunks of thefile requested to be executed and position information of the file metaarea 333, and perform an integrity verification of merely a necessarychunk.

If the file requested to be executed is the image file, the filecontroller 111 may determine that the integrity verification of thecorresponding file is not to be performed and may merely detect positioninformation of each of the plurality of chunks of the file requested tobe executed.

If it is determined that the integrity verification of the filerequested to be executed is to be performed, the certification processor112 determines certification values respectively corresponding to aplurality of chunks of a corresponding file detected from the filecontroller 111 based on position information of each of the plurality ofchunks. Here, the certification values may be hash values that aredetermined using a hash function.

Thereafter, the certification processor 112 acquires certificationvalues of the chunks of the file requested to be executed with referenceto the certification information area 333-2 of the file meta area 333detected by the file controller 111. The certification processor 112determines whether the file requested to be executed has integrity bycomparing the certification values respectively determined from thechunks of the file requested to be executed with certification values ofthe chunks of the corresponding file acquired from the certificationinformation area 333-2.

For example, if a certification value determined from a first chunk of aplurality of chunks of a file requested to be executed is different froma certification value pre-stored in relation to the first chunk, thecertification processor 112 may determine that the first chunk does nothave integrity.

If determined certification values of a plurality of chunks of a filerequested to be executed all correspond to pre-stored certificationvalues, the certification processor 112 may determine that the chunks ofthe file requested to be executed have integrities.

Before determining whether the file requested to be executed hasintegrity, the processor 110 of the file management apparatus 100according to the present disclosure may perform an integrityverification of the file meta area 333 that stores information about thefile requested to be executed through the encryption processor 113.

In other words, the encryption processor 113 determines a certificationvalue of each of pieces of information included in the file meta area333 based on information stored in the volume meta area 320 according toan execution command of a file for executing an applicationcorresponding to a user command. Here, the certification value may be ahash value that is determined using a hash function. If thecertification value of each of the pieces of information included in thefile meta area 333 is determined as described above, the encryptionprocessor 113 determines an encryption value by using the determinedcertification value and a predefined encryption algorithm. Here,according to example embodiments, the encryption algorithm may be an RSAalgorithm.

If the encryption value of the information included in the file metaarea 333 is determined, the encryption processor 113 determines whetherthe file meta area 333 has integrity by comparing the calculatedencryption value with an encryption value stored in the encryption area333-3 of the file meta area 333.

In other words, if the encryption value determined from the informationincluded in the file meta area 333 corresponds to the encryption valuestored in the encryption area 333-3, the encryption processor 113determines that the file meta area 333 has integrity. If the encryptionvalue determined from the information included in the file meta area 333is different from the encryption value stored in the encryption area333-3, the encryption processor 113 determines that the file meta area333 does not have integrity.

As described above, the file management apparatus 100 according to thepresent disclosure may check whether a certification value is modulatedby performing an integrity verification of the file meta area 333.

If it is determined that information about the file meta area 333 hasintegrity through an integrity verification, the certification processor112 may determine whether a file requested to be executed has integritythrough the above-described performed operation.

If initial booting of a system starts, the encryption processor 113determines whether at least one file, which needs to be initiallyaccessed among files stored in the volume area 300 of the memory 130,has integrity by accessing the global file meta area 340 storinginformation about the at least one file based on information stored inthe volume meta area 320.

For example, if the initial booting of the system starts, the encryptionprocessor 113 accesses the global file meta area 340 based on theinformation stored in the volume meta area 320. Thereafter, theencryption processor 113 calculates a certification value of each ofpieces of information included in the global file meta area 340 anddetermines an encryption value of the global file meta area 340 by usingthe calculated certification value of each of the information and apredefined encryption algorithm. Here, the certification value may be ahash value that is determined through a hash function, and theencryption algorithm may be an RSA algorithm that makes a public key anda private key into a set, and encrypts and decrypts the set.

The encryption processor 113 compares an encryption value pre-stored inthe global encryption area 343 and a pre-determined encryption value byaccessing the global encryption area 343 included in the global filemeta area 340 and determines whether the global file meta area 340 hasintegrity based on the comparison result.

In other words, if the pre-stored encryption value and thepre-calculated encryption value correspond to each other, the encryptionprocessor 113 determines that the global file meta area 340 hasintegrity. Also, if the pre-stored encryption value and thepre-calculated encryption value do not correspond to each other, theencryption processor 113 determines that the global file meta area 340does not have integrity.

If it is determined that the global file meta area 340 has integrity,the certification processor 112 determines certification values ofchunks of at least one file included in the global file information area341 by accessing the global file information area 341 included in theglobal file meta area 340. Thereafter, the certification processor 112compares the determined certification values with certification valuesstored in the global certification area 342 included in the global filemeta area 340.

Here, the certification values stored in the global certification area342 may be values that are respectively determined from chunks of atleast one file stored in the global file information area 341, and aplurality of certification values may be stored in a table form in theglobal certification area 342.

Therefore, the certification processor 112 compares certification valuesrespectively determined from chunks of at least one file included in theglobal file information area 341 with certification values of chunks ofat least one file pre-stored in the global certification area 342. Ifthe determined certification values of the chunks of the at least onefile correspond to the pre-stored certification values according to thecomparison result, the certification processor 112 may determine thatthe at least one file included in the global file information area 341has integrity. If the determined certification values of the chunks ofthe at least one file do not correspond to the pre-stored certificationvalues, the certification processor 112 may determine that the at leastone file included in the global file information area 341 does not haveintegrity.

As described above, the volume meta area 320 included in the volume area300 may store a certification value for verifying integrity of the superblock area 310. In other words, the volume meta area 320 may storecertification values of pieces of information included in the superblock area 310 in a table form. Here, the certification values may behash values that are calculated by using a hash function.

Therefore, before performing an integrity verification of the fileobject area 330 or the global file meta area 340 as described above, thecertification processor 120 may determine whether the super block area310 has integrity by determining certification values of pieces ofinformation included in the super block area 310 and comparing thedetermined certification values with certification values stored in thevolume meta area 320.

If it is determined that the super block area 310 has integrity, thecertification processor 120 and the encryption processor 130 may performan integrity verification of the file object area 330 or the global filemeta area 340 through a series of processing processes described above.

The file management apparatus 100 according to the present disclosurehas been described in detail. Hereinafter, an integrity verifying methodof the file management apparatus 100 according to the present disclosurewill be described in greater detail.

FIG. 6 is a flowchart illustrating an example integrity verifying methodof a file management apparatus, according to an example embodiment ofthe present disclosure.

As illustrated in FIG. 6, the file management apparatus 100, when a fileincluding a plurality of pieces of data is received, arranges theplurality of pieces of data of the file in units of chunks and stores ina memory (S610). In operation S620, the file management apparatus 100,based on an execution command, compares certification values of the atleast one chunk and certification values prestored in response to atleast one chunk and determines integrity. That is, the file managementapparatus 100, when at least one chunk to be used is selected from amonga plurality of chunks stored in a memory, calculates certificationvalues of the selected chunk. Thereafter, the file management apparatus100 compares the calculated certification values and the at least oneselected chunk and determines integrity. In operation S630, the filemanagement apparatus 100 executes the requested file based on theintegrity determination result.

For example, the file management apparatus 100 checks positions of aplurality of chunks of a file for executing an application requested bya user from a volume area storing the file and determines certificationvalues of the checked chunks based on an execution command of theapplication.

Thereafter, the file management apparatus 100 determines whether thedetermined certification values of the chunks of the corresponding filecorrespond to pre-stored certification values of the chunks by comparingthe determined certification values of the chunks with the pre-storedcertification values of the chunks. If the determined certificationvalues of the chunks correspond to the pre-stored certification valuesaccording to the determination result, the file management apparatus 100determines that the corresponding file is normal. In other words, if thedetermined certification values of the chunks of the file correspond tothe pre-stored certification values, the file management apparatus 100determines that the corresponding file has integrity.

If at least one of the determined certification values of the chunks isdifferent from a pre-stored certification value, the file managementapparatus 100 determines that an error occurs in a chunk having twodifferent certification values. In other words, if the at least one ofthe determined certification values of the chunks is different from thepre-stored certification value, the file management apparatus 100determines that the chunk having the two different certification valuesdoes not have integrity.

As described above, the file management apparatus 100 according to thepresent disclosure may improve a performance of a whole system bydispersedly storing a plurality of pieces of data comprising a file asunits of chunks in the volume area 300 of the memory 130 and performingan integrity verification of each of the dispersedly stored chunks incomparison with an existing file management apparatus determiningwhether all files have integrity.

Hereinafter, a method of verifying integrity of a file stored in thevolume area 300 in the file management apparatus 100 according to thepresent disclosure will be described in detail.

FIG. 7 is a flowchart illustrating an example method of determiningwhether a file stored in a volume area has integrity in a filemanagement apparatus, according to an example embodiment of the presentdisclosure.

As illustrated in FIG. 7, the file management apparatus 100 performs anintegrity verification of an area storing a file requested to beexecuted from the volume area 300 of the memory 130 storing thecorresponding file based on an execution request for the file.

For example, as described above with reference to FIG. 3, the volumearea 300 that dispersedly stores a plurality of pieces of datacomprising a file as units of chunks may include the super block area310, the volume meta area 320, and the file object area 330.

The super block area 310 may refer, for example, to an area that storesall information about the volume area 300. According to exampleembodiments, the super block area 310 may be an area that stores volumesize information, position information of each area, information about afile system such as an NTFS, an FAT, or an EXT4, and the like.

The volume meta area 320 may refer, for example, to an area that storesat least one selected from information for managing a file, an executioninformation of the file, and a certification value for verifyingintegrity of a super block area.

The file object area 330 may refer, for example, to an area that storesa file comprised as units of chunks and information about the file.Here, the information about the file may include compression informationinto which a plurality of pieces of data comprising a file arecompressed as units of chunks, size information, certificationinformation, position information of the chunks, and the like.

The file object area 330 as described above may include the chunk area331 that dispersedly stores a plurality of chunks of a plurality ofpieces of data composing a file and the file meta area 333 that storesinformation about the plurality of chunks.

As described above with reference to FIG. 4, the file meta area 333includes the file information area 333-1, the certification informationarea 333-2, and the encryption area 333-3.

The file information area 333-1 stores position information, compressioninformation, and the like of chunks of a file stored in the chunk area331.

The certification information area 333-2 may refer, for example to anarea for verifying integrity of each of the chunks of the file stored inthe chunk area 331. For this, the certification information area 333-2stores determined certification values of the chunks stored in the chunkarea 331 in a table form. Here, the certification values may be hashvalues that are determined using a hash function.

The encryption area 333-3 may refer, for example, to an area forverifying integrity of the file object area 330. For this, theencryption area 333-3 stores an encryption value by using certificationvalues determined from all information stored in the file meta area 333and a predefined encryption algorithm. Here, the encryption algorithmmay be an RSA algorithm that makes a public key and a private key into aset, and encrypts and decrypts the set.

Therefore, in operation S710, the file management apparatus 100determines certification values of pieces of information included in thefile meta area 333 and determines an encryption value of the file metaarea 333 using the determined certification values and a predefinedencryption algorithm by accessing the file meta area 333 of the fileobject area 330 storing a file for executing an application requested bya user based on information stored in the volume meta area 320 accordingto an execution command of the corresponding application.

In operation S720, the file management apparatus 100 accesses the filemeta area 333 included in the file object area 330 based on informationstored in the volume meta area 320 and compares an encryption valuepre-stored in the file meta area 333 with a pre-determined encryptionvalue.

If the pre-stored encryption value does not correspond to thepre-determined encryption value based on the comparison result, the filemanagement apparatus 100 determines that an error occurs in integrity ofthe file object area 330 in operations S730 and S740.

If the pre-stored encryption value corresponds to the pre-determinedencryption value, the file management apparatus 100 performs anintegrity verification of the chunk area 331 included in the file objectarea 330. The integrity verification of the file object area 330 asdescribed above may be performed just once the first time. For example,when an execution command of an executable file corresponding to a usercommand is initially input or a system is booted, the file managementapparatus 100 may perform an integrity verification of the file objectarea merely once the first time.

If the integrity of the file object area 330 is verified, the filemanagement apparatus 100 determines certification values of chunks of afile requested to be executed from the chunk area 331 included in thefile object area 330 in operation S750. In operation S760, the filemanagement apparatus 100 compares the determined certification values ofthe chunks of the file requested to be executed with certificationvalues of the chunks of the file stored in the certification informationarea 333-2 of the file meta area 333. If at least one certificationvalues of certification values of a plurality of chunks of the filerequested to be executed do not correspond to each other, the filemanagement apparatus 100 determines that an error occurs in integrity ofthe file requested to be executed.

If the certification values of the plurality of chunks of the filerequested to be executed corresponds to one another, the file managementapparatus 100 determines that the file requested to be executed hasnormal integrity in operation S780.

Before determining whether a file requested to be executed hasintegrity, the file management apparatus 100 according to the presentdisclosure may determine whether to perform an integrity verification ofthe corresponding file based on execution information about the fileamong a plurality of pieces of information stored in the volume metaarea 320 and perform the above-described operation based on thedetermination result.

For example, the file management apparatus 100 determines whether a filerequested to be executed is an image file such as “jpg” or an executablefile for executing a program such as “exe” based on executioninformation of the corresponding file among a plurality of pieces ofinformation stored in the volume meta area 320.

If the file requested to be executed is the executable file according tothe determination result, the file management apparatus 100 may performan integrity verification of the file by performing a series ofprocessing operations described above. If the file requested to beexecuted is other file that is not executed such as an image or thelike, the file management apparatus 100 may not perform the integrityverification of the file.

Also, before determining whether the file requested to be executed hasintegrity, the file management apparatus 100 may determine whether thesuper block area 310 has integrity.

FIG. 8 is a flowchart illustrating an example method of determiningwhether a super block area of a volume has integrity in a filemanagement apparatus, according to an example embodiment of the presentdisclosure.

As illustrated in FIG. 8, in operation S810, the file managementapparatus 100 determines certification values of pieces of informationincluded in the super block area 310 based on an execution command of anapplication requested by a user.

In operations S820 and S830, the file management apparatus 100determines whether the certification values of the pieces of informationincluded in the super block area 310 with certification values stored inthe volume meta area 320 by comparing the certification values of thepieces of information with the certification values stored in the volumemeta area 320.

If the certification values of the pieces of information included in thesuper block area 310 correspond to the certification values stored inthe volume meta area 320 based on the determination result, the filemanagement apparatus 100 determines that the super block area 310 hasnormal integrity in operation S840.

If the certification values of the pieces of information included in thesuper block area 310 do not correspond to at least one of thecertification values stored in the volume meta area 320, the filemanagement apparatus 100 determines that an error occurs in theintegrity of the super block area 310 in operation S850.

Hereinafter, a method of verifying integrity of a file necessary forbooting a system when initially booting the system in the filemanagement apparatus 100 will be described in detail.

FIG. 9 is a flowchart illustrating an example method of verifyingintegrity of a file when booting a system in a file managementapparatus, according to an example embodiment of the present disclosure.

Prior to descriptions of FIG. 9, the volume area 300 described above mayfurther include the global file meta area 340. The global file meta area340 may refer, for example, to an area that stores information about aparticular file. Here, according to example embodiments, the particularfile may be a file that is initially executed when booting the system.In other words, the particular file may be a file that needs to beinitially accessed among files stored in the volume area 300 of thememory 130 when booting the system.

A plurality of files that need to be initially accessed may be stored inthe global file meta area 340. In this case, as described above withreference to FIG. 5, the global file meta area 340 may include theglobal file information area 341, the global certification informationarea 342, and the global encryption area 343.

The global file information area 341 stores a plurality of chunks intowhich a plurality of pieces of data composing at least one file definedas a particular file are compressed, position information andcompression information of each of the chunks, and the like.

The global certification information area 342 stores determinedcertification values of a plurality of chunks of at least one filestored in the global file information area 341 in a table form.

Also, the global encryption area 343 stores an encryption value that isdetermined using certification values determined from all informationstored in the global file meta area 340 and a predefined encryptionalgorithm.

Therefore, if the system is initially booted, the file managementapparatus 100 accesses the global file meta area 340 based oninformation stored in the volume meta area 320. In operation S910, thefile management apparatus 100 determines certification values of piecesof information included in the global file meta area 340 and determinesan encryption value of the global file meta area 340 using thedetermined certification values of the pieces of information and apredefined encryption algorithm. Here, the certification value may be ahash value that is determined through a hash function, and theencryption algorithm may be an RSA that makes a public key and a privatekey into a set, and encrypts and decrypts the set.

In operations S920 and 930, the file management apparatus 100 comparesan encryption value pre-stored in the global encryption area 343 with apre-determined encryption value and determines whether the global filemeta area 340 has integrity based on the comparison result by accessingthe global encryption area 343 included in the global file meta area340.

If the pre-stored encryption value does not correspond to thepre-calculated encryption value according to the determination result,the file management apparatus 100 determines that an error occurs inintegrity of the global file meta area 340 in operation S940.

If the pre-stored encryption value corresponds to the pre-storedencryption value, the file management apparatus 100 determines that theglobal file meta area 340 has integrity and performs an integrityverification of at least one file included in the global fileinformation area 341. The integrity verification of the global file metaarea 340 may be performed just once the first time. For example, thefile management apparatus 100 may perform the integrity verification ofthe global file meta area 340 merely once the first one time whenbooting the system.

If the integrity of the global file information area 341 is verified,the file management apparatus 100 determines certification values ofchunks of at least one file included in the global file information area341 by accessing the global file information area 341 included in theglobal file meta area 340 in operation S950. In operations S960 and 970,the file management apparatus 100 determines whether a determinedcertification value corresponds to a certification value stored in theglobal certification area 342 included in the global file meta area 340by comparing the determined certification value with the storedcertification value

If at least one certification values do not correspond to each otherbased on the determination result, the file management apparatus 100determines that an error occurs in a file stored in the global fileinformation area 341. If determined certification values all correspondto pre-stored certification values, the file management apparatus 100determines that the file stored in the global file information area 341has normal integrity in operation S980.

The file management apparatus 100 according to the present disclosure asdescribed above may improve a performance of a whole system bydispersedly storing a plurality of pieces of data comprising a file asunits of chunks in the memory 130 and performing integrity verificationsof the dispersedly stored chunks in comparison with an existing filemanagement apparatus.

An integrity verifying method of the file management apparatus 100according to various example embodiments described above may be coded assoftware and then stored on a non-transitory readable medium. Thenon-transitory readable medium may be installed and used in varioustypes of apparatuses.

The non-transitory computer readable medium that may store datasemi-permanently and is readable by devices. For example, theaforementioned applications or programs may be stored in thenon-transitory computer readable media such as compact disks (CDs),digital video disks (DVDs), hard disks, Blu-ray disks, universal serialbuses (USBs), memory cards, and read-only memory (ROM).

The foregoing example embodiments and advantages are merely examples andare not to be understood as limiting the present disclosure. The presentteaching can be readily applied to other types of apparatuses. Also, thedescription of the example embodiments of the present disclosure isintended to be illustrative, and not to limit the scope of the claims,and many alternatives, modifications, and variations will be apparent tothose skilled in the art.

What is claimed is:
 1. A method of verifying integrity using a filemanagement apparatus, the method comprising: receiving a file comprisinga plurality of pieces of data; arranging the plurality of pieces of dataof the file as units of chunks and storing the chunks in a memory;determining whether the file has integrity by comparing a certificationvalue of at least one of the chunks of the file with a pre-storedcertification value corresponding to the at least one of the chunksbased on an execution command; and executing the file based on theintegrity determination result.
 2. The method of claim 1, wherein thememory stores: a super block area configured to store information abouta volume; a volume meta area configured to store at least one of:information for managing the file and execution information of the file;and a volume block comprising a file object area storing the filecomprising the units of chunks and information about the file.
 3. Themethod of claim 2, wherein the file object area comprises a file metaarea configured to store certification values corresponding to thechunks of the plurality of pieces of data comprising the file, whereinthe determining the integrity comprises: detecting positions of thechunks of the file and the file meta area from the file object areabased on information stored in the volume meta area; determiningcertification values of the chunks of the file based on the detectedpositions of the chunks; and determining whether the file has integrityby acquiring certification values of the chunks of the file withreference to the detected file meta area and comparing the acquiredcertification values of the chunks with the determined certificationvalues of the chunks.
 4. The method of claim 3, wherein the file metaarea further stores an encryption value that is determined based oncertification values of pieces of information included in the file metaarea and a predefined encryption algorithm, wherein the determining theintegrity further comprises: determining certification values of thepieces of information included in the file meta area based oninformation stored in the volume meta area and determining an encryptionvalue using the determined certification values and the encryptionalgorithm; and determining whether the file object area has integrity bycomparing the determined encryption value with an encryption valuestored in the file meta area.
 5. The method of claim 2, wherein thevolume further comprises a global file meta area configured to storeinformation about a particular file, wherein the global file meta areastores an encryption value determined based on certification values ofpieces of information comprising the particular file and a predefinedencryption algorithm.
 6. The method of claim 5, wherein the particularfile comprises a file that is initially executed when booting a system.7. The method of claim 5, wherein the determining the integritycomprises: determining certification values of pieces of informationcomprising the global file meta area based on information stored in thevolume meta area and determining an encryption value using thedetermined certification values and the encryption algorithm whenbooting the system; comparing the determined encryption value with anencryption value stored in the global file meta area; determiningcertification values of chunks of a file included in the global filemeta area in response to the determined encryption value and the storedencryption value corresponding to each other; and determining whetherthe file included in the global file meta area has integrity bycomparing the determined certification values of the chunks withcertification values of the chunks stored in the global file meta area.8. The method of claim 2, wherein the determining the integritycomprises: determining whether the file has integrity in response to thefile being determined as an executable file based on executioninformation comprised in the volume meta area.
 9. The method of claim 3,wherein the volume meta area stores a certification value for verifyingintegrity of the super block area, wherein the determining the integrityfurther comprises: determining whether the super block area hasintegrity by determining certification values of pieces of informationincluded in the super block area and comparing the determinedcertification values with certification values stored in the volume metaarea.
 10. A file management apparatus comprising: a memory configured toarrange a plurality of pieces of data of a file as units of chunks andto store the chunks; and a processor configured to determine whether thefile has integrity by comparing a determined certification value of atleast one of the chunks of the file with a pre-stored certificationvalue corresponding to the at least one the chunks and to execute thefile based on the integrity determination result based on an executioncommand.
 11. The file management apparatus of claim 10, wherein thememory stores: a super block area configured to store all informationabout a volume; a volume meta area configured to store at least one of:information for managing the file and execution information of the file;and a volume block configured to include a file object area storing thefile comprising the units of chunks and information about the file. 12.The file management apparatus of claim 11, wherein the file object areacomprises a file meta area configured to store certification valuescorresponding to chunks of a plurality of pieces of data comprising thefile, wherein the processor comprises: a file controller configured todetect positions of the chunks of the file and the file meta area fromthe file object area based on information stored in the volume metaarea; and a certification processor configured to determinecertification values of the chunks of the file based on the detectedpositions of the chunks, wherein the certification processor isconfigured to determine whether the file has integrity by acquiringcertification values of the chunks of the file with reference to thedetected file meta area and comparing the acquired certification valuesof the chunks with the determined certification values of the chunks.13. The file management apparatus of claim 12, wherein the file metaarea further stores an encryption value that is determined based oncertification values of pieces of information included in the file metaarea and a predefined encryption algorithm, wherein the processorfurther comprises an encryption processor configured to determinecertification values of the pieces of information included in the filemeta area based on information stored in the volume meta area anddetermine an encryption value using the determined certification valuesand the encryption algorithm, wherein the encryption processor isconfigured to determine whether the file object area has integrity bydetermining whether the determined encryption value corresponds to anencryption value stored in the file meta area.
 14. The file managementapparatus of claim 11, wherein the volume further comprises a globalfile meta area configured to store information about a particular file,wherein the global file meta area stores an encryption value determinedbased on certification values of pieces of information comprising theparticular file and a predefined encryption algorithm.
 15. The filemanagement apparatus of claim 14, wherein the particular file comprisesa file that is initially executed when booting a system.
 16. The filemanagement apparatus of claim 14, wherein when booting the system, theencryption processor is configured to determine whether the global filemeta area has integrity by: determining certification values of piecesof information included in the global file meta area based oninformation stored in the volume meta area, determining an encryptionvalue using the determined certification values and the encryptionalgorithm, and comparing the determined encryption value with anencryption value stored in the global file meta area, wherein inresponse to the determined encryption value and the stored encryptionvalue corresponding to each other, the certification processordetermines whether a file included in the global file meta area hasintegrity by determining certification values of chunks of the fileincluded in the global file meta area and comparing the determinedcertification values of the chunks with certification values of thechunks stored in the global file meta area.
 17. The file managementapparatus of claim 12, wherein the file controller is configured todetermine whether the file has integrity in response to the file beingdetermined as an executable file based on execution information includedin the volume meta area.
 18. The file management apparatus of claim 12,wherein the volume meta area stores a certification value for verifyingintegrity of the super block area, wherein the certification processoris configured to determine whether the super block area has integrityby: determining certification values of pieces of information includedin the super block area and comparing the determined certificationvalues with certification values stored in the volume meta area.
 19. Themethod of claim 1, further comprising: selecting at least one chunk tobe used from among a plurality of chunks stored in the memory;calculating a certification value for the selected at least one chunk;and comparing the calculated certification value with a predeterminedcertification value for the selected at least one chuck.
 20. The filemanagement apparatus of claim 10, wherein the processor is configured toselect at least one chunk to be used from among a plurality of chunksstored in the memory, to calculate a certification value for theselected at least one chunk, and to compare the calculated certificationvalue with a predetermined certification value for the selected at leastone chuck.